LINK: Process-wide API spying-an ultimate hack


Kayaker
March 5th, 2004, 21:22
Another just-published article from Code Project, apparently a new twist on API spying...


Process-wide API spying-an ultimate hack

This article presents an absolutely universal model of a process-wide API spying solution, capable of hooking all API calls in any user-mode process of our choice, i.e. our spying model is not bound to any particular API at compile time. Our implementation is limited to logging the return values of all API functions that are called by the target module. However, our model is extensible - you can add parameter logging as well. Our spying model is particularly useful for analyzing the internal workings of third-party applications when the source code is not available. In addition to the universal process-wide spying model, we also present one more way to inject the DLL into the target process.

http://www.codeproject.com/system/api_spying_hack.asp

crUsAdEr
March 6th, 2004, 11:23
Hi Kayaker,

I don't think this is new :/... the trick of replacing the IAT with calls to your own functions has been discussed before, I think... at first I thought he hooked CreateProcess and patched the OS's IAT loading code... then it would be system-wide hooking, but then again that would be OS-dependent :/...

nikolatesla20
March 7th, 2004, 18:34
Hooking a process's IAT is one of my favorite injection techniques

-nt20
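
The IAT replacement discussed in this thread leaves a checkable trace: the patched slot no longer points into the DLL that the import names. The following is an added example, not part of the thread or the linked article, that audits IAT slots against the loaded-module ranges; the module map, slot values, `spy.dll` and all function names in the script are constructed for illustration.

```python
from bisect import bisect_right

# Constructed snapshot of one process: loaded modules as (name, base, size).
MODULES = [
    ("target.exe",   0x00400000, 0x00020000),
    ("spy.dll",      0x10000000, 0x00010000),
    ("ntdll.dll",    0x77000000, 0x00180000),
    ("kernel32.dll", 0x77200000, 0x00100000),
]

# Constructed IAT slots of target.exe:
# (DLL named in the import descriptor, function, pointer stored in the slot).
IAT = [
    ("kernel32.dll", "CreateFileW", 0x77212340),
    ("kernel32.dll", "HeapAlloc",   0x77045000),  # forwarded export, lands in ntdll
    ("kernel32.dll", "ReadFile",    0x10001200),  # slot rewritten to point into spy.dll
    ("kernel32.dll", "CloseHandle", 0x00A50000),  # memory backed by no module
]

# Forwarded exports legitimately resolve into another module; without this
# table every forwarded import would be reported as a hook.
FORWARDS = {("kernel32.dll", "HeapAlloc"): "ntdll.dll"}

def owner(addr, modules):
    """Return the name of the module whose image contains addr, or None."""
    mods = sorted(modules, key=lambda m: m[1])
    i = bisect_right([m[1] for m in mods], addr) - 1
    if i >= 0 and addr < mods[i][1] + mods[i][2]:
        return mods[i][0]
    return None

def audit_iat(iat, modules, forwards):
    """List IAT slots whose pointer lies outside the DLL the import names."""
    findings = []
    for dll, func, ptr in iat:
        expected = forwards.get((dll, func), dll)
        actual = owner(ptr, modules)
        if actual != expected:
            findings.append((func, expected, actual or "<unbacked memory>"))
    return findings

if __name__ == "__main__":
    for func, expected, actual in audit_iat(IAT, MODULES, FORWARDS):
        print(f"{func}: expected {expected}, points into {actual}")
```

On a live system the module list and slot values would come from a memory snapshot of the process. The check only sees IAT patching; hooks that overwrite the function's own code are outside its scope.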